Versions 2.3.2 and earlier of ldapauth-fork
are affected by an LDAP injection vulnerability. This allows an attacker to inject and run arbitrary LDAP commands via the username parameter.
Update to ldapauth-fork
version 2.3.3 or later.
CPE | Name | Operator | Version |
---|---|---|---|
ldapauth-fork | lt | 2.3.3 |